This project is actively maintained. Security updates are applied to the latest release.
If you discover a security vulnerability, please report it responsibly.
Do NOT open a public issue.
Instead, email sahir.vhora@gmail.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Acknowledgement within 48 hours
- Assessment of severity and impact
- Timeline for fix disclosure
- Credit in release notes (unless you prefer anonymity)
- Keep dependencies updated (Dependabot enabled)
- Never commit secrets, API keys, or credentials
- Use environment variables for configuration
- Review PRs for security implications
Security fixes are released as patch versions. Subscribe to releases to be notified of updates.